MediaTek Confirms the Software Vulnerability

MediaTek Confirms the Software Vulnerability

A leading semiconductor company that provides system-on-chip solutions to many manufacturers, MediaTek, has confirmed a serious vulnerability that is affecting a fraction of handsets running on Android KitKat 4.4. When the device is ready, each handset has to undergo a debug test to check the inner inter-operability. The manufacturer has to disable the feature before shipping it, but some of them failed to do so.

A user that has the root access to the device can attack the device that is vulnerable. A security researcher, Justin Case, noticed this vulnerability. He said in his statement that the root user can do a lot of things like accessing the protected data, spy on a user, monitor communications and much more.

There is a long list of problems which can be caused due to this issue. The private data of all the users who are using the vulnerable devices are under threat of getting leaked.

In his tweet, Case mentioned MediaTek and said that as MediaTek has to break basic security feature to run this backdoor feature, they have left the ReadOnly options not so “Read Only”. To this tweet, MediaTek replied that they are working on the patch to address the issue.

In their statement, MediaTek informed the users about the vulnerability without leaking much information about the process.

When MediaTek was asked about the manufacturer and particular models which can be vulnerable to attack, they simply said that only a small portion of the handsets is under threat and they have already alarmed the concerned manufacturers on the matter.

There are a lot of manufacturers who are using the MediaTek chipsets and such security loopholes are quite disturbing. Justin Case has informed the public in time, but a lot of damage might have already taken place which only be revealed with time.

Hopefully, MediaTek will address the issue and release the patch as soon as possible. This also shows how important it is for a chipset company to issue proper guidelines for the manufacturers to make sure private data remains private in future.

Anurag Bhateja

Anurag Bhateja

Anurag is from Chandigarh, an expert in product photography and also good in writing articles, particularly in cyber security niche. He is an expert in translation from Hindi to English or English to Hindi.

Leave a Response

share on: